Chapter 5: Managing local Linux users and groups
superuser ( root user )
user that has all power over the system
GID
user's primary group ID.
password
the user's password, stored only as a salted hash (it is hashed, not encrypted, so it cannot be recovered from the stored value). Historically kept in /etc/passwd; now stored in the separate file /etc/shadow, readable only by root, with an x left as a placeholder in the password field of /etc/passwd
chage -E YYYY-MM-DD username
will expire an account on a specific day
chage -d 0 username
will force a password update on next login
chage -l username
will list a username's current password aging settings (lowercase L, not the digit 1)
Restricting Access
With chage -E, an account expiration date can be set. Once that date is reached the user cannot log in to the system interactively.
UID
user ID, number that identifies the user at the most fundamental level
three pieces of information stored in the password hash field
The field has the form $id$salt$hash. 1. the hashing algorithm id: 1 indicates an MD5 hash, 6 means SHA-512 (5 is SHA-256 and y is yescrypt on newer releases) 2. the salt: random data mixed with the password before hashing, so two users with the same password get different hashes and precomputed tables are useless 3. the hash itself. Nothing in the field is encrypted; a login attempt is checked by hashing the supplied password with the stored salt and comparing the result
useradd
Create new user account
usermod
Modify user account
sudo command
allows a user to run a command as root, or as another user, based on the rules in /etc/sudoers (and files under /etc/sudoers.d). Requires users to enter their own password for authentication, not root's
su command
allows a user to switch to a different user account, after entering that account's password. If no username is supplied, root is implied. su - (with the dash) starts a login shell with the target user's environment rather than keeping the caller's
usermod (group membership)
alters group membership. -g changes the user's primary group. -G sets the list of supplementary groups. -aG appends to that list: usermod -aG groupname username. The -a (append) matters: usermod -G groupname username without it replaces the supplementary list, removing the user from every other supplementary group
GECOS
arbitrary text. usually includes the user's real name
passwd username
can be used to either set the user's initial password or change that user's password
id
command used to show the UID, primary GID and group memberships of the current logged-in user, or of another user with id username
groupadd
creates a new group. The -g option specifies a particular GID; the -r option creates a system group using a GID from the range of valid system GIDs
calculate a date in the future
date -d "+45 days"
groupdel
deletes a group
/etc/group
location of local group information
/etc/passwd
location of local user account information
/home/dir
location of the user's personal data and configuration files
home directory
location of the user's personal files
usermod -L username
lock a user account by prefixing its password hash in /etc/shadow with !, so no password can match. The account still exists and can still be used by anything that does not check the password (for example SSH keys); set an expiry date as well if all access must stop
username
mapping of a UID to a name for the benefit of human users
groupmod
modifies an existing group -n used to specify a new group name
/etc/shadow format
nine colon separated fields: 1. name 2. password (the salted hash) 3. lastchange (day of the last password change, counted in days since 1970-01-01; 0 forces a change at next login) 4. minage (days before the password may be changed again) 5. maxage (days before it must be changed) 6. warning (days before expiry to warn the user) 7. inactive (days after password expiry before the account is locked) 8. expire (account expiration date, in days since 1970-01-01, as set by chage -E) 9. reserved (blank)
login shell
program that provides the user's command line prompt
shell
program that runs as the user logs in.
userdel -r username
removes user and the user's home directory
userdel username
removes user from /etc/passwd but leaves the home directory intact by default
useradd username
with no other options, sets reasonable defaults for all fields in /etc/passwd (UID, primary group, home directory, shell) taken from /etc/default/useradd and /etc/login.defs; the account has no valid password until passwd is run
primary group
the fourth field of /etc/passwd
usermod -U user
unlock a user account
nologin
the nologin shell (/sbin/nologin) prevents interactive use of the system, but does not prevent all access. A user may still be able to authenticate and upload or retrieve files through applications that do not start a shell, such as web applications, FTP, or mail readers. To disable an account completely, lock its password and set an expiry date as well